Slashdot Mirror


Researchers Discover SplitSpectre, a New Spectre-like CPU Attack (zdnet.com)

An anonymous reader writes from a report via ZDNet: Three academics from Northeastern University and three researchers from IBM Research have discovered a new variation of the Spectre CPU vulnerability that can be exploited via browser-based code. The vulnerability, which researchers codenamed SplitSpectre, is a variation of the original Spectre v1 vulnerability discovered last year and which became public in January 2018. The difference in SplitSpectre is not in what parts of a CPU's microarchitecture the flaw targets, but how the attack is carried out. Researchers say a SplitSpectre attack is both faster and easier to execute, improving an attacker's ability to recover code from targeted CPUs. The research team says they were successfully able to carry out a SplitSpectre attack against Intel Haswell and Skylake CPUs, and AMD Ryzen processors, via SpiderMonkey 52.7.4, Firefox's JavaScript engine. The good news is that existing Spectre mitigations would thwart the SplitSpectre attacks.

48 comments

  1. Missing Information by Jane+Q.+Public · · Score: 3, Interesting

    I presume that since mitigation measures for Spectre also work against Split Spectre, that CPUs (like mine) which aren't vulnerable to Spectre are also not vulnerable to Split Spectre?

    I realize that it's a bit of speculation but it seems like a reasonable conclusion.

    I know it might surprise some people but not all recent processors are vulnerable. For example, according to intel, in their i7 lineup only their 45nm and 32nm process chips are vulnerable.

    1. Re:Missing Information by Anonymous Coward · · Score: 0

      those intel chips are vulnerable only because intel chooses not to provide new microcode for them, despite the simple fact that any core2 or newer multi-core chip is absolutely still 'viable' today (and will be for a number of years yet).

    2. Re:Missing Information by Anonymous Coward · · Score: 2, Informative

      Intel has provided microcode updates for most CPU lines. Most have been distributed via a Windows Update after Microsoft decided to help when motherboard vendors went missing in action.

    3. Re:Missing Information by darkain · · Score: 4, Funny

      Are you speculating whether or not you're vulnerable to speculation attacks..?

    4. Re: Missing Information by Anonymous Coward · · Score: 0

      Most does not mean all.

    5. Re:Missing Information by arth1 · · Score: 4, Informative

      Intel has provided microcode updates for most CPU lines.

      For odd definitions of "most". Out of the 221 processors Intel have microcode updates for, 49 have updates from 2018. The rest do not.

    6. Re:Missing Information by Anonymous Coward · · Score: 0

      "I know it might surprise some people but not all recent processors are vulnerable. For example, according to intel, in their i7 lineup only their 45nm and 32nm process chips are vulnerable."

      Citation needed, particularly given Intel have released workarounds for far more than this.

    7. Re:Missing Information by liquid_schwartz · · Score: 1

      Intel has provided microcode updates for most CPU lines.

      For odd definitions of "most". Out of the 221 processors Intel have microcode updates for, 49 have updates from 2018. The rest do not.

      Really it depends on which chips sell the most. The top 20 of that 221 probably account for over half the sales.

  2. jesus christ on a raft... by layabout · · Score: 1

    time to dig out my old kim-1 and forth env.

    1. Re:jesus christ on a raft... by Anonymous Coward · · Score: 0

      I'm going to start coding with a stick writing in the sand, it's much safer than what Silicon Valley does with it.

    2. Re:jesus christ on a raft... by Waffle+Iron · · Score: 4, Funny

      time to dig out my old kim-1 and forth env.

      Sorry, but security researchers have recently discovered that due to fundamental architectural issues, a hypothetical malicious program could trivially access *all* of the data on any 6502-based system.

    3. Re:jesus christ on a raft... by The+Grim+Reefer · · Score: 1

      I'm going to start coding with a stick writing in the sand, it's much safer than what Silicon Valley does with it.

      So you're leaving silicon valley to go to a silicon beach? I don't know which is scarier, a spectre or a hurricane.

    4. Re:jesus christ on a raft... by Anonymous Coward · · Score: 0

      That type of coding has inherent vulnerabilities to a host of other exploits including hurricane, typhoonorama, rainingcatsndogs, tidalflood and fattouristshoeprint attacks.

    5. Re:jesus christ on a raft... by BringsApples · · Score: 1

      I'm from Alabama, please come visit during a hurricane. I'll set up a laptop with spectre loaded, and you can sit on my front porch while the storm hits. See which bothers you more - the storm or the laptop.

      --
      Politics; n. : A religion whereby man is god.

    6. Re:jesus christ on a raft... by Anonymous Coward · · Score: 0

      Sorry, but security researchers have recently discovered that due to fundamental architectural issues, any program could trivially access *all* of the data on any 6502-based system.

      Fixed it :)

    7. Re:jesus christ on a raft... by Anonymous Coward · · Score: 0

      It's still safer than Windows, and I won't get any phone calls from "This is Sand calling, your beach have crabs" every 2 days.

  3. Re:Manafort, life in prison. Flynn, no jail at all by Anonymous Coward · · Score: 0

    You really need a hobby my friend. Ever thought of putting your dick in a woman?

  4. Re: Manafort, life in prison. Flynn, no jail at al by Anonymous Coward · · Score: 0

    Has manaforts lawyer released his nightly raving statement of innocence yet?

  5. Re: Manafort, life in prison. Flynn, no jail at al by Anonymous Coward · · Score: 0

    It's probably a Russian bot...

    Don't give it too hard a time, if it fails to sow enough strife Putin will have it murdered.

  6. They laughed by Anonymous Coward · · Score: 4, Insightful

    Oh you, managed languages are safe.
    Okay so they aren't, but sandboxes are safe.
    Okay alright there are bugs, but virtual machines are safe.
    So about thos' virtual machines...
    Yeah fuck you, throw another layer on, what does it matter.

  7. Re: Manafort, life in prison. Flynn, no jail at al by Anonymous Coward · · Score: 0

    GO HOME IVAN YOU'RE DRUNK -- In soviet America, we can still use apostrophes correctly even if Trumptards can't hit the keys correctly with their swine hooves, lol pity the dumb traitors in Red Methmerica.

  8. linux has microcode updates as well! by Joe_Dragon · · Score: 2

    linux has microcode updates as well!

    1. Re:linux has microcode updates as well! by Anonymous Coward · · Score: 0

      linux has microcode updates as well!

      I saw a microcode patch as well in OpenBSD; it reads as "intel-firmware..."

  9. Re: Manafort, life in prison. Flynn, no jail at al by Anonymous Coward · · Score: 0

    GO HOME HUCKLEBERRY -- In little America we know that it's a parsing error, only dumblefucks don't know that by now.

  10. Re:Wishing All A White Christmas! by Anonymous Coward · · Score: 0

    +1

  11. Re: Manafort, life in prison. Flynn, no jail at al by Anonymous Coward · · Score: 0

    Iphones don't work in Russia? Aww.

  12. Re:Wishing All A White Christmas! by Anonymous Coward · · Score: 0

    Funny thing is, by Hitler's standards you are not aryan and, therefore, your beloved fairy tale has a surprise for you... run!

  13. Re: Wishing All A White Christmas! by Anonymous Coward · · Score: 0

    Love the great good man.

    Keep dreaming!

  14. Just another day, another Spectre concept by Anonymous Coward · · Score: 0

    Not really news anymore, these were predicted to come about after the initial release of proof of concepts. We can all hope that patches and firmware stop them. Or you can disable hyperthreading and pay even more of a performance hit like OpenBSD has done with its OS.

  15. Re:Wishing All A White Christmas! by Anonymous Coward · · Score: 0

    Also clearly a retard, Hitler liked to have 'experiments' done on them.

    Most of today's neo-nazis would have been shipped off to the camps under Hitler as 'unfit to live'.

  16. Maybe it's time to rethink - Linus by DarkOx · · Score: 1

    Maybe it's time to re-think not enabling the mitigations in Linux by default?

    This is looking more exploitable in the wild all the time.

    --
    Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html

    1. Re:Maybe it's time to rethink - Linus by vyvepe · · Score: 2, Insightful

      No, Linus is right. The performance impact of the patches is big.

      If you have an up-to-date browser then you do not have a problem. Resolution of timers available from scripts is lowered to make this attack infeasible.

      If you are running executables from the web then you have a much bigger worry than Spectre. The executable can damage you directly instead of trying to rely on a "cooperation" of another process.

      These bugs are mostly a serious worry for companies renting virtual machines where executables run in the images are by default hostile.
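Added example, not part of the thread or of any poster's comment: one way to check the timer-resolution mitigation mentioned above is to measure how coarse a script-visible clock actually is. The function names and the 0.02 ms floor are assumptions made for this illustration, and the quantized clocks are constructed test inputs.

```javascript
// Added example: estimate the effective granularity of a clock such as
// performance.now() from the size of the jumps between distinct readings.
// ASSUMPTION: the 0.02 ms floor used below is a hypothetical policy value.

function estimateGranularity(nowFn, wantedSteps = 200, maxReads = 5e6) {
  const steps = [];
  let last = nowFn();
  for (let reads = 0; reads < maxReads && steps.length < wantedSteps; reads++) {
    const t = nowFn();
    if (t !== last) {            // the clock ticked: record the size of the jump
      steps.push(t - last);
      last = t;
    }
  }
  if (steps.length === 0) return null;   // clock never advanced: cannot measure
  steps.sort((a, b) => a - b);
  return {
    minStepMs: steps[0],                                // finest tick observed
    medianStepMs: steps[Math.floor(steps.length / 2)],  // typical tick (jitter shows up here)
    samples: steps.length,
  };
}

// The finest observed tick decides: one fine-grained reading is enough to
// show that the clock is more precise than the policy floor allows.
function isCoarseEnough(result, floorMs) {
  return result !== null && result.minStepMs >= floorMs;
}

// Constructed clock for offline testing: real time advances by advanceMs per
// read, but callers only ever see it rounded down to a multiple of quantumMs.
function makeQuantizedClock(quantumMs, advanceMs = 0.013) {
  let t = 0;
  return () => {
    t += advanceMs;
    return Math.floor(t / quantumMs) * quantumMs;
  };
}

// Measure the clock of whatever runtime this is executed in.
if (typeof performance !== "undefined") {
  const measured = estimateGranularity(() => performance.now());
  console.log("performance.now() steps (ms):", measured,
              "meets 0.02 ms floor:", isCoarseEnough(measured, 0.02));
}
```

A browser that adds jitter to its clock will show a median step that differs from the minimum, which is why both are reported.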

    2. Re:Maybe it's time to rethink - Linus by Anonymous Coward · · Score: 0

      AI / machine learning hacking will make finding and exploiting vulnerabilities as easy as throwing a rock through a window. This is nothing in comparison to what will be found later on.

    3. Re:Maybe it's time to rethink - Linus by 110010001000 · · Score: 0

      Why is this marked insightful? This has nothing to do with "browsers" or the "web".

    4. Re:Maybe it's time to rethink - Linus by squiggleslash · · Score: 2

      Apparently this proof of concept is written in Javascript and targets Firefox. FTA:

      For their academic paper, the research team says it successfully carried out a SplitSpectre attack against Intel Haswell and Skylake CPUs, and AMD Ryzen processors, via SpiderMonkey 52.7.4, Firefox's JavaScript engine.

      The article also agrees with the person who was modded insightful:

      Nonetheless, researchers said that existing Spectre mitigations would thwart the SplitSpectre attacks. This includes CPU microcode updates that CPU vendors have released over the past year, updates to popular code compilers to harden apps against Spectre-like attacks, and the browser-level modifications that browser vendors have shipped with post-January 2018 browser releases to make it infeasible to carry out web-based Spectre attacks.

      (My bold and italics)

      --
      You are not alone. This is not normal. None of this is normal.

    5. Re:Maybe it's time to rethink - Linus by vyvepe · · Score: 1

      Why is this marked insightful? This has nothing to do with "browsers" or the "web".

      It has a LOT to do with browsers and web. It has a lot to do with anything which runs a code downloaded somewhere from internet. Browsers with their JavaScript engines are the first and the most easy target. That is because the browsers run any JavaScript from any hacked or malicious web site. Some email clients can interpret JavaScript too. Disable JavaScript in email client (if it executes it at all - most probably do not do it nowadays). Disable JavaScript in browser or update the browser. It is recommended to use some ad blocker and preferably also something like uMatrix to limit the amount of malicious scripts your browser is running. This is a good idea not only because of Spectre/Meltdown.

      In general, be careful about downloading and running executable (binaries) from web sources which you do not know to be reliable. But the point is that if you already do this then you have much more to worry about than Spectre and Meltdown. Spectre/Meltdown are "only" information leaks. Running some random code from internet is potentially executing a malicious code directly. You need to care not only about Spectre/Meltdown but also about all the data accessible or modifiable to the account running the process as well as all the local privilege escalation bugs.

  17. Vulnerability Fatigue by Anonymous Coward · · Score: 1

    The bigger and unspoken problem with these vulnerabilities and breaches that we've been seeing lately is that they all create significant penalties for the consumers along with a sense of being unable to do anything about them. People feel that the problems that can be fixed do so at the cost of time, and effort to patch, along with a near 50% reduction in power. Basically rendering their expensive computers impotent and useless paper weights. They also suffer a sense of hopelessness as there is little or nothing that they can do about it.

    This all creates vulnerability fatigue, and worse still, indifference. Perhaps, even willful ignorance. People are increasingly saying; 'I'm tired of all this shit. I just want my stuff to work. I'm not going to worry about this shit anymore.'

    So, rather than security being improved by researchers' discoveries and the endless flood of "patches" and inconveniences. People are just closing their eyes and charging on ahead. 'Screw these esoteric vulnerabilities. Screw breaches. It happens. So what. The world doesn't end. Move on.'

    People are sick and tired of hearing about risks, the inconveniences that they must endure, the scare mongering, and the ultimate futility of anything they do or think.

    Frankly, I don't blame them.

    1. Re:Vulnerability Fatigue by Anonymous Coward · · Score: 0

      Class action suits then, get on their asses hard for bad chip design.

  18. Re: Manafort, life in prison. Flynn, no jail at al by Anonymous Coward · · Score: 0

    Don't know how to use an apostrophe? Then you probably shouldn't post.

  19. Not a very memorable name... by Anonymous Coward · · Score: 0

    CamelToe would have been better.

  20. New way to skin a DEAD cat! by Fly+Swatter · · Score: 1

    News at 11:00.

    Seriously - so they found another way to abuse spectre that still doesn't work with existing mitigation - what is exactly the important news here?

  21. Re: Manafort, life in prison. Flynn, no jail at al by Anonymous Coward · · Score: 0

    If you knew how to use a computer, you wouldn't be using character codes that don't get interpreted. Go back to school, little boy.

  22. Re:Wishing All A White Christmas! by Anonymous Coward · · Score: 0

    No just niggers, beaners and wogs would die and the world would become a better place without those shitskins.

    I love killing shitskins. So far I have shot four of them for trespassing on my land. Three in the back while they tried to flee like the cowards that they are and one in the face when he was peering through my window.

  23. Another reason to disable JS in the browser by Anonymous Coward · · Score: 0

    This is just a timely reminder to keep JavaScript disabled in your browsers as widely as possible. Block those advertisements!

    These days I use umatrix to disallow scripts on all pages on first visits. Then I'll re-enable JS case-by-case until I get the functionality I need or until I notice that the web site in question wants me to sign away my soul to 3rd parties before becoming useful at all.

    All unnecessary (advertisement related) JS processes present an attack surface.

  24. APK Hosts File Engine to the rescue (again)... apk by Anonymous Coward · · Score: 0

    See subject:This attack's javascript based so a malicious script src can be blocked via hosts files & voila: NO problem.

    APK

    P.S.=> For the best hosts file for protection vs. threats + more speed/reliability/anonymity online:

    APK Hosts File Engine 2.0++ 64-bit for Linux h t t p : / / a p k . i t - m a t e . c o . u k / A P K H o s t s F i l e E n g i n e F o r L i n u x . z i p (remove spaces between download URL characters & download)

    APK Hosts File Engine 10++ SR-1 32/64-bit for Windows https://hosts-file.net/?s=Down... (see download link @ bottom of page) ... apk